social engineering Archives • Page 6 of 12 • Daily CyberSecurity

“Contagious Interview” Goes macOS: North Korean Hackers Deploy Stealthy “DriverFixer” Stealer DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

“Contagious Interview” Goes macOS: North Korean Hackers Deploy Stealthy “DriverFixer” Stealer

Do Son December 25, 2025

A notorious North Korean cyber-espionage campaign known for targeting job seekers has expanded its arsenal with a...

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets APT37 Artemis, Korean TV Casting Phishing

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets

Do Son December 24, 2025

A notorious threat group is auditioning victims for a new cyber-espionage campaign, masquerading as television production staff...

APT-36 Uses Fake “WhatsApp Fraud” Advisory to Hack Government Systems TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

APT-36 Uses Fake “WhatsApp Fraud” Advisory to Hack Government Systems

Do Son December 24, 2025

The sophisticated threat group APT-36 is hacking government systems by warning them about hackers. A new intelligence...

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits Webrat Malware, Fake PoC Exploits

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits

Do Son December 24, 2025

A cunning malware campaign initially designed to trick gamers has evolved into a dangerous trap for aspiring...

“Tax Compliance” Trap: Hackers Mimic Indian Income Tax Department to Deploy China-Linked Malware Income Tax Phishing, China-Linked APT

“Tax Compliance” Trap: Hackers Mimic Indian Income Tax Department to Deploy China-Linked Malware

Do Son December 23, 2025

As tax filing season discussions linger, a new and sophisticated phishing campaign is targeting Indian businesses by...

The 3-Million Email Siege: Inside Scripted Sparrow’s Global Industrialized BEC Machine Scripted Sparrow, Industrialized BEC

The 3-Million Email Siege: Inside Scripted Sparrow’s Global Industrialized BEC Machine

Do Son December 23, 2025

A massive, globally distributed cybercriminal collective is aggressively targeting corporate finance departments with a highly automated Business...

The Payroll Trap: New Quishing Campaign Uses Fake CAPTCHAs to Hijack Employee Paychecks Payroll Quishing, CYFIRMA Analysis

The Payroll Trap: New Quishing Campaign Uses Fake CAPTCHAs to Hijack Employee Paychecks

Do Son December 23, 2025

A sophisticated new phishing campaign is targeting employees where they are most vulnerable—their paychecks—by leveraging QR codes...

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts Device Code Phishing, Microsoft 365 OAuth

Hackers Abuse “Device Codes” to Bypass Security and Seize Microsoft 365 Accounts

Do Son December 22, 2025

Cybercriminals have found a new way to turn corporate security protocols against themselves, weaponizing a legitimate Microsoft...

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection Iranian Cyber Espionage Void Manticore

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection

Do Son December 22, 2025

A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks,...

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs AuraStealer, Scam-Yourself

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

Do Son December 22, 2025

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that...

Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports Forum Troll APT, Academic Espionage

Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports

Do Son December 18, 2025

A relentless Advanced Persistent Threat (APT) group known as “Forum Troll” has shifted its crosshairs from corporate...

Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures

Do Son December 18, 2025

A sophisticated Russian Advanced Persistent Threat (APT) group has launched a targeted credential harvesting campaign against the...

Phantom Stealer Targets Russian Finance with ISO Phishing, Deploying Keyloggers and Crypto-Wallet Theft Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Phantom Stealer Targets Russian Finance with ISO Phishing, Deploying Keyloggers and Crypto-Wallet Theft

Do Son December 16, 2025

A sophisticated new phishing campaign is targeting the heart of Russia’s financial infrastructure, disguising a potent information-stealing...

Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support UTA0355 OAuth Phishing, Fake Conference Lure

UTA0355 OAuth Phishing, Fake Conference Lure

Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support

Do Son December 8, 2025

A sophisticated Russian threat actor, tracked as UTA0355, has launched a targeted phishing campaign impersonating prestigious international...

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use Android Call Scam Protection 30-Second Fraud Delay

New Android Call Scam Protection Pauses Calls for 30 Seconds During Financial App Use

Do Son December 5, 2025

Google is now expanding Android’s call-scam protection through Google Play Services, enhancing the system’s ability to safeguard...

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure Calisto RSF Espionage, AiTM Phishing Lure

Calisto RSF Espionage, AiTM Phishing Lure

Russian Calisto APT Targets Reporters Without Borders with Custom AiTM Phishing and “Missing File” Lure

Do Son December 5, 2025

A fresh wave of cyber-espionage attacks has struck the international non-profit sector, with Russian state-sponsored hackers zeroing...

Alarm: Coupang Data Breach Exposes 33.7 Million Users—Over Half of South Korea Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Alarm: Coupang Data Breach Exposes 33.7 Million Users—Over Half of South Korea

Do Son December 2, 2025

A major data breach has struck Coupang, one of South Korea’s most prominent e-commerce platforms, compromising the...

New MaaS Operator TAG-150 Uses ClickFix Lure and Custom CastleLoader to Compromise 469 US Devices TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

New MaaS Operator TAG-150 Uses ClickFix Lure and Custom CastleLoader to Compromise 469 US Devices

Do Son December 1, 2025

A new and aggressive player has entered the cybercrime arena. A recent report from Darktrace sheds light...

Silent Threat: How Malicious Calendars & ‘Promptware’ Target 4M+ Devices Daily

Do Son November 28, 2025

A new investigation by Bitsight TRACE has uncovered a subtle yet scalable attack vector: malicious calendar subscriptions....

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware AppleScript Malware, macOS Supply Chain

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware

Do Son November 14, 2025

A new malware distribution trend is emerging across the macOS threat landscape, according to fresh research from...

Critical Alert 3 Active Exploits Detected Today

Critical Alert